Presented at REcon 2005
June 19, 2005, 11:30 a.m.
Registration number protections require the user to enter a registration number to register a software application. However, in most cases such a protection can be defeated easily by an in-depth analysis of the disassembled code or by tracing the applications execution using dynamic disassembly (debugging) techniques. Even there still is heavy use of simple XOR encryption methods, several software applications use high optimized cryptographic algorithms to prove the given input for validity. However, there are several approaches to deal even with such complicated calculations. Once the attacker identifies the algorithm routines, one approach is to use self-keygenning techniques, which produces always a correct serial number by turning the application against itself, which had been described by Webbit in detail . Another approach is the common used code-ripping method, where the attacker extracts the relevant code segment and uses the extracted code to build up a keygenning application. Using self-keygenning or code-ripping, the attacker does not necessarily need to know exactly, how the algorithm works. The attacker just needs to be aware of initial settings, as register values.
Thorsten Schneider received his diploma in medical informatics from the University of Heidelberg in 2002, and the Doctor rerum medicarum with Magna cum laude from the Free University of Berlin (Charité Universitätsmedizin Campus Benjamin Franklin) in 2004. He was scientific assistant at the bioinformatics faculty at the University of Bielefeld from 2003 to 2004 and is currently scientific assistant for software engineering at the University of Hannover. He is a member of the Center for Space Medicine Berlin (ZWMB). His current research interests include reverse code engineering, experimental and empirical software engineering and time series analysis. He is working on his postdoctoral thesis in the field of reverse code engineering, watermarking, obfuscation, decompilation and software protection. He maintains and administrates several reverse code engineering websites, including the Reverse Code Engineering Portal (Anticrack) (http://www.reverse-engineering.net), the Reverse Engineering Academy (http://www.reverser-course.de) and the crackmes website system (http://www.crackmes.de).